The widespread use of computer networks has changed the way that corporate enterprises access and work with information. In addition, the rise in use of portable devices such as laptop computers, at-home desktop computers, handheld “pocket PCs,” and PDAs has changed the security complexion and nature of the data network. Instead of being merely a workstation physically located within a corporate enterprise's premises, a user's “desktop” may consist of a desktop computer, a laptop computer, a portable device, or some combination of any or all of these devices. At the same time, because of these portable devices, the user no longer needs to be physically present within a corporate enterprise's premises in order to access the network, but instead can access the network from many other places.
The expansion of the nature of a user's “desktop” and the increased ability to access a corporate enterprise's network outside the corporate enterprise's premises have increased the need for an enterprise to establish, implement, and monitor desktop security procedures and to ensure compliance with those procedures. Access by non-compliant devices can pose significant dangers to the security of an enterprise's network as well as to the user's and corporate data. These dangers can come in many forms, such as the infiltration of computer viruses or so-called computer “worms” into the network with possibly catastrophic results; use of software that is incompatible with the enterprise's operating system or other applications, causing system crashes; or even something as simple as outmoded or obsolete equipment that decreases the efficiency of the enterprise. In addition, an enterprise must protect itself against the release of confidential or proprietary information that can result from unauthorized entry into its network.
Thus, it has become increasingly important that an enterprise develop and maintain policies and procedures to protect the security of its network. Such network desktop security policies and procedures may include device verification to identify the device being used to access the network; by verifying the device, the enterprise can ensure that the device used complies with minimum network access criteria such as up-to-date operating system and other software and meets network security parameters such as up-to-date virus and spyware protection. Desktop security policy may also include user verification to prevent access by unauthorized users or to unauthorized information or applications. Network security may further include any other security criteria established by an enterprise as necessary or desirable for the enterprise's operation.
In addition, to ensure that the users and desktops are authorized to access the network and that only authorized persons are able to work within the network, it is desirable to have a system for identification of any problems relating to network security and collection of data regarding security compliance and the resolution of issues relating to the same.
Because of the importance of such network and desktop security to the well-being of an enterprise, many systems have been developed to address these desktop security issues. For example, U.S. Pat. No. 6,714,976 to Wilson et al. discloses a system and method for monitoring a network based on the detection of triggering events and collecting data resulting from or regarding those events. U.S. Pat. No. 6,584,568 to Dircks et al. discloses a network security method where the administrator can remotely establish a user profile that loads every time that a user accesses a network and that is used to provide the user access only to authorized network applications and utilities. U.S. Pat. No. 6,542,994 also to Dircks et al. similarly discloses a system and method relating to user authentication and login security, to ensure that the network is accessed only by users who are authorized to do so. U.S. Pat. No. 6,304,973 to Williams discloses a secure network that implements a restricted access system through the use of encrypted communications between the user's device and a common network medium connecting the devices.
None of these prior art systems, however, provides an integrated approach to the question of network security, one that encompasses multiple aspects of the network security process. These aspects include establishment and maintenance of desktop security policies and procedures to implement those policies, establishment of desktop security support teams who are responsible for maintaining security compliance for an organization's desktop population in accordance with those policies and procedures, education of users regarding the importance of network security to the enterprise, compilation of data regarding network security status of one or more users or sets of users, and periodic review of all these aspects to ensure that the enterprise's network security needs are being met without unduly restricting users.
Thus there is a need for an integrated approach to desktop security management that addresses the multiple desktop security management needs of an enterprise.